{% extends "base.html" %}

{% block title %}
{% if vendor %}
{{ vendor.name | humanize }}
{% if product %}
- {{ product.name | humanize }}
{% endif %}
CVE
{% elif request.args.get('cwe') %}
CWE-{{ request.args.get('cwe') }} CVE
{% else %}
Vulnerabilities (CVE)
{% endif %}
- {{ super() }}
{% endblock %}

{% block content %}
{% from "_macros.html" import render_tag %}

<section class="content-header">
    <h1>Vulnerabilities (CVE)</h1>
    <ol class="breadcrumb">
        <li><a href="{{ url_for('main.home') }}">OpenCVE</a></li>
        <li class="active">Vulnerabilities (CVE)</li>
    </ol>
</section>

<section class="content">
    {% if request.args.get('cwe') %}
    <div class="row">
        <div class="col-xs-6">
            <div class="box box-info">
                <div class="box-header">
                    <div class="box-title"><i class="fa fa-filter"></i> Filtered by {{ request.args.get('cwe') }}
                    </div>
                    <div class="box-tools pull-right">
                        <a type="button" class="btn btn-box-tool" data-toggle="remove"
                           href="{{ url_for('main.cves', cvss=request.args.get('cvss')) }}"><i class="fa fa-times"></i></a>
                    </div>
                </div>
            </div>
        </div>
    </div>
    {% endif %}
    {% if vendor or product %}
    <div class="row">
        {% if vendor %}
        <div class="col-sm-12 col-lg-6">
            <div class="box box-info">
                <div class="box-header">
                    <div class="box-title">
                        Filtered by vendor <strong>{{ vendor.name | humanize }}</strong>
                        {% if current_user.is_authenticated %}
                        {% if vendor in current_user.vendors %}
                        <button class="btn btn-danger btn-sm subscribe" id="unsubscribe_vendor_{{ vendor.id }}"
                                type="button">Unsubscribe
                        </button>
                        {% else %}
                        <button class="btn btn-default btn-sm subscribe" id="subscribe_vendor_{{ vendor.id }}"
                                type="button">Subscribe
                        </button>
                        {% endif %}
                        {% else %}
                        <a class="btn btn-default btn-sm"
                           href="{{ url_for('user.login', next=request.url) }}"
                           data-toggle="tooltip"
                           data-container="body"
                           title="You must be signed in to subscribe">Subscribe
                        </a>
                        {% endif %}
                    </div>
                    <div class="box-tools pull-right">
                        <a type="button" class="btn btn-box-tool" data-toggle="remove"
                           href="{{ url_for('main.cves', cvss=request.args.get('cvss')) }}"><i class="fa fa-times"></i></a>
                    </div>
                </div>
            </div>
        </div>
        {% endif %}

        {% if product %}
        <div class="col-sm-12 col-lg-6">
            <div class="box box-info">
                <div class="box-header">
                    <div class="box-title">
                        Filtered by product <strong>{{ product.name | humanize }}</strong>
                        {% if current_user.is_authenticated %}
                        {% if product in current_user.products %}
                        <button class="btn btn-danger btn-sm subscribe" id="unsubscribe_product_{{ product.id }}"
                                type="button">Unsubscribe
                        </button>
                        {% else %}
                        <button class="btn btn-default btn-sm subscribe" id="subscribe_product_{{ product.id }}"
                                type="button">Subscribe
                        </button>
                        {% endif %}
                        {% else %}
                        <a class="btn btn-default btn-sm subscribe"
                           href="{{ url_for('user.login', next=request.url) }}"
                           data-toggle="tooltip"
                           data-container="body"
                           title="You must be signed in to subscribe">Subscribe
                        </a>
                        {% endif %}
                    </div>
                    <div class="box-tools pull-right">
                        <a type="button" class="btn btn-box-tool" data-toggle="remove"
                           href="{{ url_for('main.cves', cvss=request.args.get('cvss'), vendor=request.args.get('vendor')) }}"><i
                                class="fa fa-times"></i></a>
                    </div>
                </div>
            </div>
        </div>
        {% endif %}
    </div>
    {% endif %}

    <div class="row">
        <div class="col-md-9">
            <div class="box">
                <div class="box-header"></div>
                <div class="box-body">
                    <form method="GET">
                        {% if request.args.get('cwe') %}
                        <input type="hidden" name="cwe" value="{{ request.args.get('cwe') }}" />
                        {% endif %}
                        {% if request.args.get('vendor') %}
                        <input type="hidden" name="vendor" value="{{ vendor.name }}" />
                        {% endif %}
                        {% if request.args.get('product') %}
                        <input type="hidden" name="product" value="{{product.name }}" />
                        {% endif %}
                        <div class="row">
                            <div class="col-md-3">
                                <div class="form-group">
                                    {% if current_user.is_authenticated %}
                                    <select class="form-control select2" name="tag" data-placeholder="Select a tag">
                                        <option></option>
                                        {% for t in user_tags %}
                                        <option {% if (tag.name == t.name) %} selected="selected" {% endif %} value="{{ t.name }}">{{ t.name }}</option>
                                        {% endfor %}
                                    </select>
                                    {% else %}
                                    <div
                                        data-toggle="tooltip"
                                        data-container="body"
                                        title="You must be signed in to filter the list of CVE by tag"
                                    >
                                        <select class="form-control select2" data-placeholder="Select a tag" disabled></select>
                                    </div>
                                    {% endif %}
                                </div>
                            </div>
                            <div class="col-md-3">
                                <div class="form-group">
                                    <select class="form-control select2" name="cvss" data-placeholder="Filter by CVSS v3 score">
                                        <option></option>
                                        <option {% if request.args.get('cvss') == 'none' %} selected="selected" {% endif %} value="none">None (0.0)</option>
                                        <option {% if request.args.get('cvss') == 'low' %} selected="selected" {% endif %} value="low">Low (0.1 - 3.9)</option>
                                        <option {% if request.args.get('cvss') == 'medium' %} selected="selected" {% endif %} value="medium">Medium (4.0 - 6.9)</option>
                                        <option {% if request.args.get('cvss') == 'high' %} selected="selected" {% endif %} value="high">High (7.0 - 8.9)</option>
                                        <option {% if request.args.get('cvss') == 'critical' %} selected="selected" {% endif %} value="critical">Critical (9.0 - 10.0)</option>
                                    </select>
                                </div>
                            </div>
                            <div class="col-md-4">
                                    <input type="text" placeholder="Search in CVEs" class="form-control" name="search"
                                           value="{% if request.args.get('search') %}{{ request.args.get('search') }}{% endif %}">
                            </div>
                            <div class="col-md-2">
                                <button type="submit" class="btn btn-primary">Search</button>
                            </div>
                        </div>
                    </form>
                </div>
            </div>
        </div>

        <div class="col-md-3">
            <div class="info-box">
                <span class="info-box-icon bg-primary"><i class="fa fa-shield"></i></span>

                <div class="info-box-content">
                    <span class="info-box-text">Total</span>
                    <span class="info-box-number">{{ cves.total }} CVE</span>
                </div>
            </div>
        </div>
    </div>

    <div class="row">
        <div class='col-md-12'>
            {% if cves.items %}
            <div class="box box-primary">
                <div class="box-body table-responsive no-padding">
                    <table class="table" id="cves">
                        <thead>
                        <th>CVE</th>
                        <th>Vendors</th>
                        <th>Products</th>
                        <th class="text-center">Updated</th>
                        <th class="text-center">CVSS v2</th>
                        <th class="text-center">CVSS v3</th>
                        </thead>
                        {% for cve in cves.items %}
                        <tr class="cve-header">
                            <td class="col-md-2"><a href="{{ url_for('.cve', cve_id=cve.cve_id) }}"><strong>{{
                                cve.cve_id }}</strong></a></td>
                            <td class="col-md-3">{{ cve.vendors|vendors_excerpt|safe }}</td>
                            <td class="col-md-3">{{ cve.vendors|products_excerpt|safe }}</td>
                            <td class="col-md-2 text-center">{{ cve.updated_at.strftime('%Y-%m-%d') }}</td>
                            {% if cve.json.impact.baseMetricV2 %}
                            <td class="col-md-1 text-center"><span
                                    class="label {{ cvss_bg(cve.json.impact.baseMetricV2.cvssV2.baseScore)[1] }}">{{ cve.json.impact.baseMetricV2.cvssV2.baseScore }} {{ cve.json.impact.baseMetricV2.severity }}</span>
                            </td>
                            {% else %}
                            <td class="col-md-1 text-center"><span class="label label-default">N/A</span></td>
                            {% endif %}
                            {% if cve.json.impact.baseMetricV3 %}
                            <td class="col-md-1 text-center"><span
                                    class="label {{ cvss_bg(cve.json.impact.baseMetricV3.cvssV3.baseScore)[1] }}">{{ cve.json.impact.baseMetricV3.cvssV3.baseScore }} {{ cve.json.impact.baseMetricV3.cvssV3.baseSeverity }}</span>
                            </td>
                            {% else %}
                            <td class="col-md-1 text-center"><span class="label label-default">N/A</span></td>
                            {% endif %}
                        </tr>
                        <tr class="cve-summary">
                            <td class="col-md-12 no-bordered" colspan="5">{{ cve.summary }}</td>
                        </tr>
                        {% endfor %}
                    </table>

                    <div class="center">
                        {{ pagination.links }}
                    </div>
                </div>
            </div>
            {% else %}
            <p class="alert alert-info">No CVE found.</p>
            {% endif %}
        </div>
    </div>

</section>
{% endblock %}
